Friday, July 18, 2008

802.1X - The port based authentication mechanism

802.1X is the IEEE standard for port-based network access control: a host plugged into a switch port (or associating to an access point) gets no network access until it has authenticated.

How is it relevant to a layman?

You connect your laptop to a network socket that is wired to a switch enforcing port-based authentication. The switch does not give you network connectivity until you have authenticated against an "Authentication Server".

So there are three entities here - Supplicant (you, or rather your PC), Authenticator (the switch) and the Authentication Server (a RADIUS server, such as IAS/NPS on Windows Server, which checks the credentials against a user store such as Active Directory). Note that the switch never talks to the domain controller directly: it speaks RADIUS to the authentication server, and that server in turn looks the user up in the directory.

Supplicant:
The supplicant provides the information for authentication: who you are, and what secret you know. Usually that is a user name and password, but it can also be a machine or user certificate (EAP-TLS). Whatever the method, the credentials are carried inside EAP, which travels over the LAN as EAPOL frames.

Microsoft Windows has a built-in 802.1X supplicant; on Linux the same job is done by wpa_supplicant.

Authenticator:
The switch has two ports per logical port. Logical in the sense that a physical port can have several hosts behind it, for example via a repeater hub, and each host is then treated as its own logical port. In practice this depends on the switch's mode: in plain port-based mode the first successful authentication opens the physical port for every host on the hub, which is exactly the hole that per-host (multi-auth) modes were added to close.

The two ports are
uncontrolled port: this port is always open, but only for EAPOL frames (EtherType 0x888E) - you can say the key hole. The supplicant has to send its authentication traffic to the authenticator via this port, and the authenticator relays the EAP payload to the authentication server over RADIUS.

controlled port: this port is for the general data transfer. It is "unauthorized" (closed) by default. When the authentication server answers with EAP-Success, the authenticator sets the controlled port to authorized ("opens" it) for that host; it goes back to closed on EAPOL-Logoff, on link down, or when a re-authentication fails.
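To see the three parties and the two logical ports working together, here is an added example written for this post (my own code, not from the original text or from any vendor's implementation). It uses the real EAPOL and EAP frame layouts (IEEE 802.1X, RFC 3748) and the EAP-MD5 method only because it is short; the user names, password and MAC addresses are made-up sample values, and the "authentication server" is a dictionary standing in for RADIUS.

```python
"""Model of an 802.1X port: supplicant, authenticator (switch port) and
authentication server (RADIUS stand-in).  Added example, not from the
original post.  Frame layouts follow IEEE 802.1X (EAPOL) and RFC 3748 (EAP);
user names, passwords and MAC addresses are made-up sample values."""
import hashlib
import os
import struct

EAPOL_ETHERTYPE = 0x888E
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")         # EAPOL destination MAC
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2  # EAPOL packet types
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_IDENTITY, EAP_MD5 = 1, 4                           # EAP method types

def ether_eapol(body, pkt_type=EAPOL_EAP_PACKET, src=bytes(6)):
    """Ethernet header + EAPOL header (version 2) around an EAP packet."""
    hdr = struct.pack("!HBBH", EAPOL_ETHERTYPE, 2, pkt_type, len(body))
    return PAE_GROUP_ADDR + src + hdr + body

def eap(code, ident, payload=b""):
    """EAP packet: code, identifier, length, then method type + type-data."""
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def md5_answer(ident, password, challenge):
    """EAP-MD5 (RFC 3748 5.4): MD5(identifier || password || challenge).
    Used only because it is short; real deployments use PEAP or EAP-TLS."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

class AuthServer:
    """RADIUS stand-in: holds the user database and runs the EAP method."""
    def __init__(self, users):
        self.users, self.identity, self.challenge = users, None, None

    def handle(self, pkt):
        code, ident, _ = struct.unpack("!BBH", pkt[:4])
        method, data = pkt[4], pkt[5:]
        if code == EAP_RESPONSE and method == EAP_IDENTITY:
            self.identity, self.challenge = data.decode(), os.urandom(16)
            return eap(EAP_REQUEST, ident + 1, bytes([EAP_MD5, 16]) + self.challenge)
        if code == EAP_RESPONSE and method == EAP_MD5 and self.identity in self.users:
            expected = md5_answer(ident, self.users[self.identity], self.challenge)
            if data[1:1 + data[0]] == expected:
                return eap(EAP_SUCCESS, ident)
        return eap(EAP_FAILURE, ident)

class Authenticator:
    """One switch port.  The uncontrolled port only relays EAPOL to the server;
    the controlled port forwards data only for authorized hosts.  With
    per_host=False (plain port-based mode) one success opens the port for
    every MAC behind it, which is the hub problem described in the text."""
    def __init__(self, server, per_host=True):
        self.server, self.per_host, self.authorized = server, per_host, set()

    def receive(self, frame):
        src, ethertype = frame[6:12], struct.unpack("!H", frame[12:14])[0]
        if ethertype != EAPOL_ETHERTYPE:                # ordinary data frame
            allowed = src in self.authorized if self.per_host else bool(self.authorized)
            return "forwarded" if allowed else "dropped"
        pkt_type, body = frame[15], frame[18:]
        if pkt_type == EAPOL_START:
            return ether_eapol(eap(EAP_REQUEST, 1, bytes([EAP_IDENTITY])))
        if pkt_type == EAPOL_LOGOFF:                    # close the port again
            self.authorized.discard(src)
            return None
        reply = self.server.handle(body)                # relay EAP to "RADIUS"
        if reply[0] == EAP_SUCCESS:
            self.authorized.add(src)                    # open controlled port
        return ether_eapol(reply)

class Supplicant:
    """Host-side 802.1X client, like the one built into Windows."""
    def __init__(self, username, password, mac):
        self.username, self.password, self.mac = username, password, mac

    def answer(self, frame):
        pkt = frame[18:]
        code, ident, _ = struct.unpack("!BBH", pkt[:4])
        if code != EAP_REQUEST:                         # Success or Failure
            return None
        if pkt[4] == EAP_IDENTITY:
            payload = bytes([EAP_IDENTITY]) + self.username.encode()
        else:                                           # MD5-Challenge
            challenge = pkt[6:6 + pkt[5]]
            payload = bytes([EAP_MD5, 16]) + md5_answer(ident, self.password, challenge)
        return ether_eapol(eap(EAP_RESPONSE, ident, payload), src=self.mac)

def data_frame(src):
    """A plain (non-EAPOL) Ethernet frame from src, as any host would send."""
    return bytes(6) + src + struct.pack("!H", 0x0800) + b"payload"

def run_session(username, password, users, per_host=True):
    """Run one exchange; return (data result before auth, EAP codes seen,
    data result after auth, result for a second MAC on the same port)."""
    port = Authenticator(AuthServer(users), per_host)
    sup = Supplicant(username, password, bytes.fromhex("020000000001"))
    before = port.receive(data_frame(sup.mac))
    frame, codes = port.receive(ether_eapol(b"", EAPOL_START, sup.mac)), []
    while frame is not None:
        codes.append(frame[18])                         # EAP code of each reply
        reply = sup.answer(frame)
        frame = port.receive(reply) if reply is not None else None
    after = port.receive(data_frame(sup.mac))
    other = port.receive(data_frame(bytes.fromhex("020000000002")))
    return before, codes, after, other

if __name__ == "__main__":
    print(run_session("alice", b"s3cret", {"alice": b"s3cret"}))
```

Run it and the sequence of EAP codes comes out as Request (Identity), Request (MD5-Challenge), Success; the data frame sent before the exchange is dropped and the one sent afterwards is forwarded. Flip `per_host` to `False` and the frame from the second, never-authenticated MAC is forwarded too, which is the hub weakness in plain port-based mode.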